Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 918444 (CVE-2023-3417) - <mail-client/thunderbird{-bin,}-115.5.0: multiple vulnerabilities
Summary: <mail-client/thunderbird{-bin,}-115.5.0: multiple vulnerabilities
Alias: CVE-2023-3417
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa+]
Depends on:
Blocks: CVE-2023-3600, CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208, CVE-2023-37211, CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4051, CVE-2023-4052, CVE-2023-4053, CVE-2023-4054, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581, CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585, CVE-2023-5168, CVE-2023-5169, CVE-2023-5171, CVE-2023-5174, CVE-2023-5176, CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732, CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212
  Show dependency tree
Reported: 2023-11-25 03:39 UTC by John Helmert III
Modified: 2024-02-19 06:15 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 03:39:11 UTC

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in  fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.

More details also in tracker. Please cleanup remaining affected versions.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 03:40:10 UTC
Oops, wrong tracker..
Comment 2 Larry the Git Cow gentoo-dev 2024-02-19 06:11:05 UTC
The bug has been referenced in the following commit(s):

commit 39f2a7a485887d1506cfabc1ac4bee230c06a1e7
Author:     GLSAMaker <>
AuthorDate: 2024-02-19 05:59:01 +0000
Commit:     John Helmert III <>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-25 ] Mozilla Thunderbird: Multiple Vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: John Helmert III <>

 glsa-202402-25.xml | 129 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 129 insertions(+)